On 4/14/22 12:44 PM, Nikolay Aleksandrov wrote:
When we try to transmit an skb with md_dst attached through wireguard we hit a null pointer dereference[1] in wg_xmit() due to the use of dst_mtu() which calls into dst_blackhole_mtu() which in turn tries to dereference dst->dev. Since wireguard doesn't use md_dsts we should use skb_valid_dst() which checks for DST_METADATA flag and if it's set then fallback to wireguard's device mtu. That gives us the best chance of transmitting the packet, otherwise if the blackhole netdev is used we'd get ETH_MIN_MTU.
[...]
CC: stable@vger.kernel.org CC: wireguard@lists.zx2c4.com CC: Jason A. Donenfeld Jason@zx2c4.com CC: Daniel Borkmann daniel@iogearbox.net CC: Martynas Pumputis m@lambda.lt Fixes: e7096c131e51 ("net: WireGuard secure network tunnel") Reported-by: Martynas Pumputis m@lambda.lt Signed-off-by: Nikolay Aleksandrov razor@blackwall.org
Looks good to me, thanks Nik!
Acked-by: Daniel Borkmann daniel@iogearbox.net